Tags:




Is my anti-virus lying to me?
September 17, 2009 1:00 PM   RSS feed for this thread Subscribe

My anti-virus say's my computer is infected, but I think it's talking bollocks... or has xearth suddenly turned evil on me?

I've been using xearth for years now, with nary a hint of a problem. I think it's great, my favourite desktop thing. But today my anti-virus (CA Anti Virus) claims it's got a trojan - krypnek.

How can this be? Has xearth gone bad? Should I ditch it? I'd rather not. Should I ditch CA anti-virus? Or should I keep them both, ignore my anti-virus and exclude xearth from the virus scan?

I can't find out much about what krypnek is and what it does - only the link above. CA has bugger all about it on their site.

I'm using Win XP SP3 by the way.
posted by ComfySofa to computers & internet (12 comments total) 1 user marked this as a favorite
With 1/41 on VirusTotal, I'd argue that it's a false positive.
posted by sharkfu at 1:15 PM on September 17


Malwarebytes is your friend here. Install it and keep your existing AV.
posted by Burhanistan at 1:16 PM on September 17 [1 favorite]


Malwarebytes is your friend here. Install it and keep your existing AV.

Seconding Malwarebytes, but recommending you drop CA for something else when convenient. It is terrible software, IMHO. (I use Kaspersky, but personal tastes may vary. Most of those tastes will be better than CA, though.)

In the meantime, it looks like you'll need to exclude xearth from your scan since it seems to be pretty legit.
posted by cimbrog at 1:38 PM on September 17


Cheers guys, that's pretty much what I was hoping to hear!

Thanks for pointing me to that VirusTotal site sharkfu, not seen that before.

I'll not be bothering to renew with CA I think, I'm not terribly fond of it. I've been eyeing Kaspersky - I take it you're happy with it, cimbrog?

And I'll install malwarebytes, thanks Burhanistan.
posted by ComfySofa at 1:48 PM on September 17


I'd like to recommend NOD32 by ESET. Even if you don't purchase their standalone client package, you might consider using their FREE online scanner.

Here is what Wikipedia says about NOD32:

NOD32 is written largely in assembly code, which supposedly contributes to its low use of system resources and high scanning speed.

Reception:

* NOD32 was certified by ICSA Labs.

* It has been tested 54 times by Virus Bulletin with a success rate of 96%,[12] the highest pass rate of the tested anti-virus products.

* It was rated 5 stars out of 6 by PC Pro Magazine and received their "recommended" award.

* At CNet.com it has received a score of 4.5/5 by editors

* 94.4% Malware Detection and 94.7% spyware detection in the latest AV-Test comparative

* 93% Detection on Set A and 96.6% Detection on Set B with most aggressive settings in the latest AV-Comparatives Test
posted by jmnugent at 2:04 PM on September 17


It's all snake-oil.
posted by jeffamaphone at 2:21 PM on September 17


I'll second NOD32 just in terms of speed... it's the fastest AV (in terms of not bogging my system down) I've ever used, and I've used a bunch.
posted by reptile at 2:32 PM on September 17


It's all snake-oil.

Really? What is? Malware bytes has saved me a lot of trouble with expatriot guest employees who ruin their laptops surfing porn. Also, McAfee has done a pretty good job on my corporate network keeping out malicious attachments. What are you referring to as snake oil?
posted by Burhanistan at 2:32 PM on September 17


They all give false positives. I wouldnt call it snake oil, but switching for the sake of one false positive is jumping the gun.
posted by damn dirty ape at 4:18 PM on September 17


> I've been eyeing Kaspersky

Judging by Kaspersky's free on-line scan it's very good but is also the most paranoid of the lot. Calls out the most false positives by a good margin.

I second (or third) the rec of NOD32. I have it on my home domain controller (when it's got Windows booted, anyway) and it strikes me as enough better than the free AV programs to make it worth paying for.

> It's all snake-oil.

I don't think it's all snake-oil. Bad stuff exists. But there is a lot of snake-oil and scare talk involved, especially the way so many of the AV packages go all hysterical and shout YOU HAVE AN INFECTION!! YOUR COMPUTER IS BEING ATTAAAAACKED!!! whenever they find something they don't like. And the silly scary names they make up. EEK! YOU'VE GOT RemAdm-TightVNC!12320b551bf9! BACKDOOR! BACKDOOR! No I don't, I have VNC Helpdesk and it's the vendor-recommended, vendor-installed remote desktop software for this hospital's Radiology Information System. Just give me a list of the stuff you think is questionable and chill, OK? And don't bury your exceptions list so deep I have to spend an hour looking for it.
posted by jfuller at 5:54 PM on September 17


switching for the sake of one false positive is jumping the gun

It's not just that - I had to reinstall everything a couple of months ago because it failed to notice a virus infection.

I've never heard of NOD32 though, so I'll take a look at that, too.
posted by ComfySofa at 3:01 AM on September 18


Just a note, I'm not recommending he drop CA because of one false positive - Kaspersky has given me my fair share. I'm recommending this because we had CA previously and I was cleaning out viruses every week or two until we switched to Kaspersky. My recommendation comes from the server/workstation experience, though, so that might be something to take into consideration.
posted by cimbrog at 10:29 AM on September 18


« Older WebDesignFilter! Is there a w...   |   Recommend someone who speciali... Newer »

You are not logged in, either login or create an account to post comments